Weekly Cybersecurity Recap - 8 December 2025

Introduction

The cybersecurity landscape continues to evolve at a rapid pace, and this week’s developments illustrate just how quickly threats are advancing across AI systems, cloud ecosystems, supply chains, and critical industries. From high-severity RCE flaws in widely used development frameworks to stealthy mobile malware campaigns and systemic risks facing manufacturers, organizations are grappling with escalating attack complexity and expanding exposure surfaces.

Below is a deeper look at the major security stories shaping the week to help teams understand the risks and take proactive steps.

AI and Emerging Tech Threats

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Researchers disclosed over 30 vulnerabilities affecting multiple AI-powered IDEs, showing how prompt injection can be paired with legitimate features to perform data theft and remote code execution. These issues collectively named IDEsaster impact popular tools like Cursor, Windsurf, GitHub Copilot, and Roo Code. Of the flaws identified, 24 have been assigned CVE identifiers, highlighting the widespread risk as AI development environments become deeply embedded in software workflows.

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A newly revealed agentic browser attack targeting Perplexity's Comet browser demonstrates how attackers can automate destructive actions without user interaction. By leveraging access granted for task automation, a crafted email can trigger operations across Gmail and Google Drive, ultimately deleting entire file repositories. This highlights the emerging risks of autonomous browser assistants and their deep integration with cloud services.

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity flaw (CVE-2025-55182) in React Server Components was disclosed, enabling unauthenticated RCE. Nicknamed React2Shell, the vulnerability poses a significant risk to developers and enterprises using React or Next.js in server-side rendering environments, underscoring the importance of rapid patching.

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

A deceptive npm package, eslint-plugin-unicorn-ts-2, was found using concealed prompts and scripts to bypass AI-driven security scanners. Despite masquerading as a legitimate TypeScript extension, the package has nearly 19,000 downloads and remains available, adding to ongoing concerns about supply chain integrity within the JavaScript ecosystem.

Agentic Security Firm 7AI Raises $130 Million

7AI, founded in 2024, announced a major $130M funding round bringing its total to $166M. The company specializes in autonomous “swarming agents” designed to automate non-human security tasks such as triaging alerts and correlating telemetry. With investments led by Index Ventures and participation from Blackstone, the rapid capital infusion emphasizes the accelerating demand for AI-driven security automation.

Mobile, Web and Supply Chain Attacks

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

GoldFactory threat actors launched a new wave of attacks impersonating government services across Southeast Asia. By distributing modified banking applications, they infected over 11,000 devices with Android malware capable of stealing financial data and performing unauthorized transactions. Activity has been tracked since late 2024, with strong targeting in Indonesia, Thailand, and Vietnam.

React Flaw Mitigation Leads to Cloudflare Outage

Cloudflare experienced a brief but impactful outage on Friday affecting platforms such as LinkedIn, X, Zoom, and Canva. While unrelated to a previous outage earlier this month, the disruption was linked to mitigation processes around a React-related flaw. A configuration issue caused internal server errors across multiple services before being resolved.

Industry Trends and Sector Risks

Threat Landscape Grows Increasingly Dangerous for Manufacturers

Manufacturers remained among the most heavily targeted industries in 2025, driven by operational fragility and limited cybersecurity maturity. Sophos data shows that 51% of manufacturing firms paid ransomware demands, with ransom costs averaging $1M and recovery expenses approaching $1.3M. For the first time in three years, exploited vulnerabilities surpassed phishing and credential theft as the primary intrusion vector -showing how adversaries increasingly weaponize unpatched systems to disrupt production environments.